[CERT-daily] Tageszusammenfassung - 08.05.2018
Daily end-of-shift report
team at cert.at
Tue May 8 18:09:52 CEST 2018
=====================
= End-of-Day report =
=====================
Timeframe: Montag 07-05-2018 18:00 − Dienstag 08-05-2018 18:00
Handler: Stephan Richter
Co-Handler: n/a
=====================
= News =
=====================
∗∗∗ Office 365 Zero-Day Used in Real-World Phishing Campaigns ∗∗∗
---------------------------------------------
A new email attack known as baseStriker allows miscreants to send malicious emails that bypass security systems on Office 365 accounts.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/office-365-zero-day-used-in-real-world-phishing-campaigns/
∗∗∗ Don’t Share Email with Scripts and Macros ∗∗∗
---------------------------------------------
Sharing documents scripts and macros over email is a habit you want to break, says Broderick Aquilino, Senior Researcher at F-Secure. "Both scripts and macros are commonly used attack vectors," he told us. "Users practicing this increase their risk because it becomes harder for them to distinguish something malicious from what they are receiving day [...]
---------------------------------------------
https://safeandsavvy.f-secure.com/2018/05/08/dont-share-email-with-scripts-and-macros/
∗∗∗ How to Protect Your Web Applications From XXE Attacks ∗∗∗
---------------------------------------------
XML External Entities (XXE) Attacks are now the 4th greatest risk to web applications as per OWAPS Top 10.
---------------------------------------------
https://www.htbridge.com/blog/how-to-protect-your-web-applications-from-xxe-attacks.html
∗∗∗ Maikspy Spyware Poses as Adult Game, Targets Windows and Android Users ∗∗∗
---------------------------------------------
We discovered a malware family called Maikspy - a multi-platform spyware that can steal users' private data. The spyware targets Windows and Android users, and first posed as an adult game named after a popular U.S.-based adult film actress. Maikspy, which is an alias that combines the name of the adult film actress and spyware, has been around since 2016. Multiple Twitter handles were found promoting the Maikspy-carrying adult games and sharing the malicious domain via short links.
---------------------------------------------
https://blog.trendmicro.com/trendlabs-security-intelligence/maikspy-spyware-poses-as-adult-game-targets-windows-and-android-users/
∗∗∗ Drupal-Lücken: Lenovo versäumt Webseiten-Update und fängt sich Krypto-Miner ein ∗∗∗
---------------------------------------------
Ein Sicherheitsforscher warnt, dass Angreifer gegenwärtig ungepatchte Drupal-Webseiten attackieren, um dort einen Kryptogeld-Miner zu platzieren. Sicherheitsupdates sind schon länger verfügbar.
---------------------------------------------
https://www.heise.de/-4044683
∗∗∗ Mobile Menace Monday: re-emergence of a fake Android AV ∗∗∗
---------------------------------------------
Way back in early 2013, a new antivirus (AV) company emerged into the mobile security software industry that had everyone perplexed. It seemed like a fake Android AV, but received certification by a reputable AV testing organization! Now, five years later, its back. Heres why you shouldnt trust it.
---------------------------------------------
https://blog.malwarebytes.com/malwarebytes-news/2018/05/mobile-menace-monday-reemergence-industry-duping-fake-av/
∗∗∗ 8 Tips to Harden Your Joomla Installation ∗∗∗
---------------------------------------------
Joomla arrived on the scene in 2005 as a fork of the Mambo content management system (CMS). Downloaded over 91 million times, it has since eclipsed Mambo to become a ubiquitous platform for websites of all sizes. According to last year's Hacked Website Report from Sucuri, which used insights from over 36,000 compromised sites, Joomla [...]
---------------------------------------------
https://www.tripwire.com/state-of-security/featured/8-tips-harden-joomla-installation/
∗∗∗ Hacking train passenger Wi-Fi ∗∗∗
---------------------------------------------
After speaking about Wi-Fi security at a rail industry conference last week, it struck me that very insecure passenger networks are making their way on to trains. So, here's a quick check list for making sure your pax Wi-Fi network is secure. Similar checks could be applied to your guest network in your office, Wi-Fi [...]
---------------------------------------------
https://www.pentestpartners.com/security-blog/hacking-train-passenger-wi-fi/
=====================
= Vulnerabilities =
=====================
∗∗∗ Security Bulletins Posted ∗∗∗
---------------------------------------------
Adobe has published security bulletins for Adobe Creative Cloud Desktop Application (APSB18-12), Adobe Flash Player (APSB18-16), and Adobe Connect (APSB18-18). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.
---------------------------------------------
https://blogs.adobe.com/psirt/?p=1557
∗∗∗ iPrint Appliance 2.1 Patch 7 ∗∗∗
---------------------------------------------
Abstract: iPrint Appliance 2.1 Patch 7 is a cumulative patch including fixes from all the previous 2.1 patches and hot fixes. Document ID: 5377430Security Alert: YesDistribution Type: PublicEntitlement Required: YesFiles:iPrint-2.1.0.87.HP.zip (950.24 MB)Products:iPrint Appliance 2.1Superceded Patches:iPrint Appliance 2.1
---------------------------------------------
https://download.novell.com/Download?buildid=uKzGH3eCxf0~
∗∗∗ SAP Security Patch Day - May 2018 ∗∗∗
---------------------------------------------
This post by SAP Product Security Response Team shares information on Patch Day Security Notes* that are released on second Tuesday of every month and fix vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on a priority to protect their SAP landscape.
---------------------------------------------
https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/
∗∗∗ Android Security Bulletin - May 2018 ∗∗∗
---------------------------------------------
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-05-05 or later address all of these issues. To learn how to check a devices security patch level, see Check & update your Android version.
---------------------------------------------
https://source.android.com/security/bulletin/2018-05-01
∗∗∗ USN-3639-1: LibRaw vulnerabilities ∗∗∗
---------------------------------------------
libraw vulnerabilitiesA security issue affects these releases of Ubuntu and its derivatives:Ubuntu 18.04 LTSUbuntu 17.10Ubuntu 16.04 LTSSummarySeveral security issues were fixed in LibRaw.Software Descriptionlibraw - raw image decoder libraryDetailsIt was discovered that LibRaw incorrectly handled certain files.An attacker could possibly use this to execute arbitrary code.(CVE-2018-10528)It was discovered that LibRaw incorrectly handled certain files.An attacker could possibly use this to [...]
---------------------------------------------
https://usn.ubuntu.com/3639-1/
∗∗∗ Security updates for Tuesday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (wget), SUSE (patch), and Ubuntu (qpdf).
---------------------------------------------
https://lwn.net/Articles/753882/
∗∗∗ WebKitGTK+ Security Advisory WSA-2018-0004 ∗∗∗
---------------------------------------------
Date Reported: May 07, 2018 Advisory ID: WSA-2018-0004 CVE identifiers: CVE-2018-4121, CVE-2018-4200,CVE-2018-4204. Several vulnerabilities were discovered in WebKitGTK+. CVE-2018-4121 Versions affected: WebKitGTK+ before 2.20.0. Credit to Natalie Silvanovich of Google Project Zero. Impact: Processing maliciously crafted web content may lead toarbitrary code execution. Description: Multiple memory corruptionissues were addressed with improved memory handling.
---------------------------------------------
https://webkitgtk.org/security/WSA-2018-0004.html
∗∗∗ IBM Security Bulletin: IBM OpenPages GRC Platform has addressed multiple Apache Tomcat vulnerabilities. ∗∗∗
---------------------------------------------
http://www.ibm.com/support/docview.wss?uid=swg22011364
∗∗∗ Linux kernel vulnerability CVE-2017-8824 ∗∗∗
---------------------------------------------
https://support.f5.com/csp/article/K15526101
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list